All Government Digital Service (GDS) websites will be required to adopt HTTPS encryption from 1 October, according to new security guidelines, if they haven't done so already.
The sites will also be expected to boost email security, and must publish a Domain-based Message Authentication, Reporting & Conformance (DMARC) policy for email systems.
"The service.gov.uk standards require all government services to run on secure connections, known as ‘HTTPS'. This type of connection makes sure user data is encrypted and stays secure while users interact with your service," explained Dafydd Vaughan, a technical architect at the GDS, in a blog post this week revealing the decision.
"As well as enforcing the use of HTTPS, we now mandate that the service uses HTTP Strict Transport Security [HSTS]. This setting tells modern browsers that your service will only use secure connections and information should be sent encrypted.
"In September, we plan to submit the service.gov.uk domain to the browser manufacturers' HSTS preload list. This means that all modern browsers will only ever connect to government services via HTTPS.
"If your service is only available over unsecured connections, it will stop working in modern browsers once this happens. This may also affect testing environments hosted on service.gov.uk."
The GDS has also published guidance on how to implement secure email practices, including DMARC.
"As a temporary measure, if your team cannot set the DMARC policy to p=reject in this time period, you should publish a record using p=none to override the default policy," advised Vaughan.
The move is part of global shift to HTTPS, kicked off after the Edward Snowden disclosures showed how security services were taking advantage of insecure connections to spy on people and organisations.
Yahoo was one of the first to respond by taking Yahoo Mail all HTTPS in October 2013. Apple, meanwhile, will force developers to secure iOS apps with HTTPS from 2017, cracking the security whip on lackadaisical devs from 1 January next year.
Google has done its bit by promising in 2014 to rank websites secured with HTTPS more highly.
Microsoft receives a 30 per cent cut of all purchases on the Xbox digital store
Credit card thieves used Apple ID accounts to buy and sell virtual currency for Clash of Clans and Clash Royale and Marvel Contest of Champions
$5.1bn fine further evidence that the EU is anti-US, claims Trump
New cable will connect Virginia to France